A new release of the Ubuntu Cloud Images for stable Ubuntu release 20.10 (Groovy Gorilla) is available at [1]. These new images superseded the existing images [2]. Images are available for download or immediate use on EC2 via publish AMI ids. Users who wish to update their existing installations can do so with: 'sudo apt-get update && sudo apt-get dist-upgrade && sudo reboot'. The following packages have been updated. Please see the full changelogs for a complete listing of changes: * accountsservice: 0.6.55-0ubuntu13 => 0.6.55-0ubuntu13.2 * linux-meta: 5.8.0.26.31 => 5.8.0.28.33 * linux-signed: 5.8.0-26.27 => 5.8.0-28.30 * openldap: 2.4.53+dfsg-1ubuntu1 => 2.4.53+dfsg-1ubuntu1.1 * plymouth: 0.9.5-0ubuntu2 => 0.9.5-0ubuntu2.1 * python-cryptography: 3.0-1 => 3.0-1ubuntu0.1 * tmux: 3.1b-1 => 3.1b-1ubuntu0.1 * ubuntu-release-upgrader: 1:20.10.12 => 1:20.10.13 The following is a complete changelog for this image. new: {'linux-headers-5.8.0-28': '5.8.0-28.30', 'linux-headers-5.8.0-28-generic': '5.8.0-28.30', 'linux-modules-5.8.0-28-generic': '5.8.0-28.30'} removed: {'linux-headers-5.8.0-26-generic': '5.8.0-26.27', 'linux-modules-5.8.0-26-generic': '5.8.0-26.27', 'linux-headers-5.8.0-26': '5.8.0-26.27'} changed: ['accountsservice', 'libaccountsservice0:amd64', 'libldap-2.4-2:amd64', 'libldap-common', 'libplymouth5:amd64', 'linux-headers-generic', 'linux-headers-virtual', 'linux-image-5.8.0-28-generic', 'linux-image-virtual', 'linux-virtual', 'plymouth', 'plymouth-theme-ubuntu-text', 'python3-cryptography', 'python3-distupgrade', 'tmux', 'ubuntu-release-upgrader-core'] new snaps: {} removed snaps: {} changed snaps: [] ==== accountsservice: 0.6.55-0ubuntu13 => 0.6.55-0ubuntu13.2 ==== ==== accountsservice libaccountsservice0:amd64 * SECURITY UPDATE: accountsservice drop privileges SIGSTOP DoS (LP: #1900255) - debian/patches/0010-set-language.patch: updated to not drop real uid and real gid in user_drop_privileges_to_user. - debian/patches/0009-language-tools.patch: updated to not reset effective uid. - CVE-2020-16126 * SECURITY UPDATE: accountsservice .pam_environment infinite loop (LP: #1900255) - debian/patches/0010-set-language.patch: updated to use O_NOFOLLOW and limit the number of lines read from file. - CVE-2020-16127 ==== linux-meta: 5.8.0.26.31 => 5.8.0.28.33 ==== ==== linux-headers-generic linux-headers-virtual linux-image-virtual linux-virtual * Bump ABI 5.8.0-28 * Bump ABI 5.8.0-27 ==== linux-signed: 5.8.0-26.27 => 5.8.0-28.30 ==== ==== linux-image-5.8.0-28-generic * Master version: 5.8.0-28.30 * Master version: 5.8.0-27.29 ==== openldap: 2.4.53+dfsg-1ubuntu1 => 2.4.53+dfsg-1ubuntu1.1 ==== ==== libldap-2.4-2:amd64 libldap-common * SECURITY UPDATE: DoS via NULL pointer dereference - debian/patches/CVE-2020-25692.patch: skip normalization if there's no equality rule in servers/slapd/modrdn.c. - CVE-2020-25692 ==== plymouth: 0.9.5-0ubuntu2 => 0.9.5-0ubuntu2.1 ==== ==== libplymouth5:amd64 plymouth plymouth-theme-ubuntu-text * debian/patches/timeout-for-ping.patch: Raise the ping timeout from 2 to 30 seconds. Two seconds was way too short, - causing ping to randomly fail on some busy multi-monitor start-ups, - causing gdm to think no plymouthd is running, - causing gdm to never call 'plymouth deactivate', - causing plymouthd to retain ownership of the graphics hardware, - causing gdm's login screen to fail to start. (LP: #1872159) ==== python-cryptography: 3.0-1 => 3.0-1ubuntu0.1 ==== ==== python3-cryptography * SECURITY UPDATE: Bleichenbacher timing oracle attack - debian/patches/CVE-2020-25659.patch: Attempt to mitigate Bleichenbacher attacks on RSA decryption docs/spelling_wordlist.txt, src/cryptography/hazmat/backends/openssl/rsa.py. - CVE-2020-25659 ==== tmux: 3.1b-1 => 3.1b-1ubuntu0.1 ==== ==== tmux * SECURITY UPDATE: Stack buffer overflow - debian/patches/CVE-2020-27347.patch: avoid writes after the end of array and the stack when colon-separated SGR sequences contain empty arguments in input.c. - CVE-2020-27347 ==== ubuntu-release-upgrader: 1:20.10.12 => 1:20.10.13 ==== ==== python3-distupgrade ubuntu-release-upgrader-core * DistUpgrade/DistUpgradeQuirks.py: Replace python-dev with python-dev-is-python2 rather than with nothing as that is a better upgrade path. (LP: #1887544) * DistUpgrade/DistUpgradeViewGtk3.py, DistUpgrade/DistUpgradeViewKDE.py: Change the window label from 20.04 to 20.10. (LP: #1901377) * Update mirrors and demotions. -- [1] http://cloud-images.ubuntu.com/releases/groovy/release-20201111/ [2] http://cloud-images.ubuntu.com/releases/groovy/release-20201103/